How to secure your dedicated or VPS server. Please note that this is only the very basics!
First, let's configure CSF
Step 1: Log in over SSH and become the root user
Step 2: enter the following command: wget https://download.configserver.com/csf.tgz
Step 3: enter the following command: tar -xzf csf.tgz
Step 4: cd csf
Step 5: Run the install file: sh install.sh
You will receive a message saying it has been installed
Next you'll want to configure CSF
Step 1: nano /etc/csf/csf.conf
Step 2: Find Common ingress (inbound) TCP ports
Step 3: Change the following:
Common ingress (inbound) ports
Add 49152:65534 for passive FTP
Common egress (outbound) ports
Add 49152:65534 for passive FTP
Step 6: restart the firewall: csf -r
Step 7: After everything is fine, change the DEV option
We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.
nano /etc/csf/csf.conf
Find the first variable, which enables or disables testing, and set it to 0. Save the config file and restart csf with "csf -r".
Disable Telnet
To disable telnet, SSH into the server and log in as root.
At command prompt type: nano -w /etc/xinetd.d/telnet
Change disable = no to disable = yes
Save and Exit
At command prompt type: /etc/init.d/xinetd restart
Secure /tmp
Make a 1GB file for the /tmp partition and an ext3 filesystem for tmp:
# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS
Create a backup copy of your current /tmp drive:
# cp -Rpf /tmp /tmpbackup
Mount our new tmp partition and change permissions:
# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp
Copy the old data:
# cp -Rpf /tmpbackup/* /tmp/
If you run the mount command, you should get something like this:
/dev/tmpFS on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)
Edit /etc/fstab and add this:
/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0
Test your fstab entry:
# mount -o remount /tmp
You can test it by running a script on the /tmp partition; if you get "permission denied", it is fine!
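To confirm that the /tmp hardening above is active and will survive a reboot, the following added example (not part of the original guide) parses a mount table in /proc/mounts or fstab layout and checks for noexec, nosuid and mode 1777. The function names and the sample files are constructed for illustration; calling audit_tmp with no arguments checks the live system.

```shell
#!/bin/sh
# Added example: audit the /tmp hardening steps. Function names are hypothetical.

# has_opts FILE MOUNTPOINT OPT...
# FILE uses the fstab / /proc/mounts layout: device mountpoint fstype options ...
# Succeeds only if the last entry for MOUNTPOINT carries every OPT.
has_opts() {
    file=$1 mp=$2; shift 2
    # The last matching line wins: a later mount hides an earlier one.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$file" 2>/dev/null)
    [ -n "$opts" ] || return 1
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;      # whole-option match, so "exec" does not match "noexec"
            *) return 1 ;;
        esac
    done
    return 0
}

# Succeeds if DIR is a world-writable directory with the sticky bit (chmod 1777).
mode_1777() { [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = drwxrwxrwt ]; }

# check DESCRIPTION COMMAND...  prints OK/FAIL and records failures in rc.
check() {
    desc=$1; shift
    if "$@"; then echo "OK   $desc"; else echo "FAIL $desc"; rc=1; fi
}

# audit_tmp [MOUNTS_FILE] [FSTAB_FILE] [TMP_DIR]  defaults to the live system.
audit_tmp() {
    rc=0
    check "/tmp is mounted noexec,nosuid" has_opts "${1:-/proc/mounts}" /tmp noexec nosuid
    check "fstab keeps noexec,nosuid on /tmp" has_opts "${2:-/etc/fstab}" /tmp noexec nosuid
    check "/tmp has mode 1777" mode_1777 "${3:-/tmp}"
    return $rc
}

# Constructed sample input (not from a real host): the state the steps aim for.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0' > "$demo/mounts"
printf '%s\n' '# constructed fstab' '/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0' > "$demo/fstab"
mkdir "$demo/tmp" && chmod 1777 "$demo/tmp"
audit_tmp "$demo/mounts" "$demo/fstab" "$demo/tmp"
```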